ida-pro-mcp MCP — Cas d'usage, Installer & Démo en direct

Pourquoi l'utiliser

Fonctionnalités clés

Full decompilation and disassembly access from AI assistants
Symbol management: rename functions/variables, declare types, set comments
Pattern search: find bytes, instructions, regex across the binary
Complete debugger control: breakpoints, stepping, register/memory access
Headless analysis support via SSE transport and idalib

Démo en direct

Aperçu en pratique

ida-pro-mcp.replay ▶ prêt

0/0

Installer

Choisissez votre client

~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "ida-pro-mcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/mrexodia/ida-pro-mcp"
      ]
    }
  }
}

Ouvrez Claude Desktop → Settings → Developer → Edit Config. Redémarrez après avoir enregistré.

~/.cursor/mcp.json · .cursor/mcp.json

{
  "mcpServers": {
    "ida-pro-mcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/mrexodia/ida-pro-mcp"
      ]
    }
  }
}

Cursor utilise le même schéma mcpServers que Claude Desktop. La config projet l'emporte sur la globale.

VS Code → Cline → MCP Servers → Edit

{
  "mcpServers": {
    "ida-pro-mcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/mrexodia/ida-pro-mcp"
      ]
    }
  }
}

Cliquez sur l'icône MCP Servers dans la barre latérale Cline, puis "Edit Configuration".

~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "ida-pro-mcp": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/mrexodia/ida-pro-mcp"
      ]
    }
  }
}

Même format que Claude Desktop. Redémarrez Windsurf pour appliquer.

~/.continue/config.json

{
  "mcpServers": [
    {
      "name": "ida-pro-mcp",
      "command": "TODO",
      "args": [
        "See README: https://github.com/mrexodia/ida-pro-mcp"
      ]
    }
  ]
}

Continue utilise un tableau d'objets serveur plutôt qu'une map.

~/.config/zed/settings.json

{
  "context_servers": {
    "ida-pro-mcp": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/mrexodia/ida-pro-mcp"
        ]
      }
    }
  }
}

Ajoutez dans context_servers. Zed recharge à chaud à la sauvegarde.

claude mcp add ida-pro-mcp -- TODO 'See README: https://github.com/mrexodia/ida-pro-mcp'

Une seule ligne. Vérifiez avec claude mcp list. Supprimez avec claude mcp remove.

Cas d'usage

Usages concrets : ida-pro-mcp

How to reverse engineer a binary with AI assistance in IDA Pro

👤 Reverse engineers and security researchers analyzing binaries they own or have authorization to test ⏱ ~60 min advanced

Quand l'utiliser : You have a binary loaded in IDA Pro and want AI to help understand and annotate it.

Prérequis

IDA Pro 8.3+ (not IDA Free) — Commercial license from Hex-Rays
ida-pro-mcp installed — pip install <repo-url> && ida-pro-mcp --install

Déroulement

Get an overview

List all functions in this binary. Which ones look like they handle network communication based on their names and imports?✓ Copié

→ Categorized function list with network-related functions highlighted
Decompile key functions

Decompile the main network handler function. Explain the protocol it implements and rename variables to be descriptive.✓ Copié

→ Decompiled C code with renamed variables and protocol analysis
Trace data flow

Find all cross-references to the encryption key buffer. Who reads it and who writes it?✓ Copié

→ Xref chain showing data flow from key generation to encryption calls

Résultat : A well-annotated IDB with key functions understood, renamed, and documented.

Pièges

Decompilation can be slow on large functions — Start with smaller callees and work up. Use disasm() for quick overviews.

Combiner avec : filesystem

Solve a CTF reverse engineering challenge using IDA Pro and AI

👤 CTF participants working on binary reversing challenges ⏱ ~45 min intermediate

Quand l'utiliser : You have a CTF binary that needs static and/or dynamic analysis to find the flag.

Prérequis

IDA Pro with ida-pro-mcp — Install and connect

Déroulement

Find the validation logic

Search for strings containing 'flag', 'correct', 'wrong'. Decompile the functions that reference them.✓ Copié

→ Validation function with flag-checking logic
Debug to extract the flag

Set a breakpoint at the comparison. Run the binary with input 'AAAA' and show me what it compares against.✓ Copié

→ Expected flag value visible in registers or memory

Résultat : Flag extracted through combined static and dynamic analysis.

Pièges

Anti-debug tricks prevent breakpoint hits — Use find_insns to locate anti-debug checks and patch them with patch_asm

Combinaisons

Associez-le à d'autres MCPs pour un effet X10

ida-pro-mcp + filesystem

Export decompiled code and analysis notes to files

Decompile all functions related to the crypto module and save the annotated code to ~/analysis/crypto.c.✓ Copié

Outils

Ce que ce MCP expose

Outil	Entrées	Quand appeler
decompile	address_or_name: str	Decompile a function to C pseudocode
disasm	address: str, count?: int	Disassemble instructions at an address
rename	old_name: str, new_name: str	Rename a function or variable
xrefs_to	address: str	Find all cross-references to an address
find_bytes	pattern: str	Search for a byte pattern in the binary
patch_asm	address: str, asm: str	Patch assembly instructions at an address
dbg_run	none	Start the debugger
set_comments	address: str, comment: str	Add a comment at an address

Coût et limites

Coût d'exécution

Quota d'API: N/A — local IDA Pro instance
Tokens par appel: 200–3000 tokens (decompilation output can be large)
Monétaire: Requires IDA Pro commercial license ($). The MCP plugin itself is free.
Astuce: Use list_funcs to identify targets before decompiling to avoid decompiling every function.

Sécurité

Permissions, secrets, portée

Stockage des identifiants : N/A — local tool

Sortie de données : All analysis is local. No network calls from the MCP server.

⚠ This tool is designed for authorized security research, CTF competitions, and defensive analysis only. Do not use it against systems you don't own or have written authorization to test.
Patching binaries modifies the IDB. Use IDA's snapshot feature before making changes.
Debugger operations execute the target binary — only debug in sandboxed environments.

Dépannage

Erreurs courantes et correctifs

ida-pro-mcp --install fails

Ensure Python 3.11+ and IDA Pro 8.3+ are installed. The installer needs to find IDA's plugin directory.

Vérifier : python3 --version && which idat

Decompilation fails

Not all functions decompile cleanly (obfuscation, hand-written assembly). Try disasm() as a fallback.

Vérifier : Try decompiling a simpler function first

Debugger won't start

Ensure IDA's debugger is configured for the target platform (local, remote, etc.). Check that the binary is not already running.

Vérifier : Check IDA's debugger settings

Alternatives

ida-pro-mcp vs autres

Alternative	Quand l'utiliser	Compromis
GhidrAssistMCP	You prefer free Ghidra over commercial IDA Pro	Ghidra is free but IDA Pro generally has faster analysis and wider format support
reverse-engineering-assistant	You want a Ghidra MCP with a tool-driven approach optimized for LLMs	Fewer tools but better context management for AI interaction

Plus

Ressources

📖 Lire le README officiel sur GitHub

🐙 Voir les issues ouvertes

🔍 Parcourir les 400+ serveurs MCP et Skills